Abstract

In this paper we consider the problem of higher-level aggregate modelling and control
of discrete-event dynamic systems (DEDS) modelled as finite state automata in
which some events are controllable, some are observed, and some represent events
to be tracked. The higher-level models considered correspond to associating specified
sequences of events in the original system to single macroscopic events in the
higher-level model. We also consider the problem of designing a compensator that can be
used to restrict microscopic behavior so that the system will only produce strings of
these primitive sequences or tasks. With this lower level control in place we can
construct higher-level models which typically have many fewer states and events than
the original system. Also, motivated by applications such as flexible manufacturing,
we address the problem of constructing and controlling higher-level models of
interconnections of DEDS. This allows us to “slow down” the combinatorial explosion
typically present in computations involving interacting automata.
1 Introduction

The study of complex systems has frequently prompted research on tools for
aggregation and multi-level analysis. In this paper, we study such tools in the context of
Discrete Event Dynamic Systems (DEDS). DEDS have been studied extensively by
computer scientists, and recently, the notion of control of a DEDS has been
introduced by Wonham, Ramadge, et al. [1,7,8,9]. This work assumes a finite state model
in which certain events in the system can be enabled or disabled. The control of the
system is achieved by choice of control inputs that enable or disable these events. We
also consider a similar model in our work.

A major issue of concern in the work of Wonham and Ramadge, as well as other
work on DEDS, is that of computational complexity, and the goal of this paper is to
address certain issues of complexity. In particular, in many applications the desired
range of behavior of a DEDS is significantly smaller and more structured than its full
range of possible behaviors. For example, a workstation in a flexible manufacturing
system may have considerable flexibility in the sequence of operations it performs.
However, only particular sequences correspond to useful tasks. This idea underlies
the notion of a legal language introduced in [8]. In the analysis described in this
paper we use it as well to develop a method for higher-level modelling and control
in which a sequence of events corresponding to a task is mapped to a single
macro-event at the higher level. Also, in DEDS described as interconnections of subsystems
the overall state space for the entire system can be enormous. However, in many
applications, such as a flexible manufacturing system consisting of interconnections
of workstations, the desired coordination of the subsystems is at the task level, and
thus we can consider the interactions of their individual aggregate models. These
higher-level characterizations allow us to represent sets of states by a single state
and sets of strings by a single event. We thus achieve both spatial and temporal
aggregation that can greatly reduce the apparent computational explosion arising in
the analysis of extremely complex systems.

The work described in this paper builds on several of our previous papers [2,3,4,5,6]
and can be viewed as the culmination of an effort to develop a regulator theory
for DEDS. As we will see, our development will involve controlling the system so that
its behavior is restricted to completing the desired tasks. To address this, we will
rely on the notions of tracking and restrictability that we developed in [5]. The latter
of these is closely related to the notion of constraining behavior to a legal language.
However, by describing the desired behavior in terms of primitive tasks, we achieve
significant efficiencies, and through the use of the notion of eventual restrictability
we are able to directly accommodate the phenomenon of set-up, i.e., the externally
irrelevant transient behavior arising when one switches between tasks.

We will see that many of the components of our work are relevant here. In
particular, our notion of stability [6], i.e., of driving the system to a specified set of
states, is central to most of our constructions. Furthermore, since we assume a model
in which only some events are observed, we will need to make use of our results in
observability [3] and output stabilization [4]. Finally, in order to derive an
upper-level model, it will be necessary to be able to use our observations to reconstruct the
sequence of tasks that has been performed. This is closely related to the problem of
invertibility stated in [2].

In the next section, we introduce the mathematical framework considered in this
paper and summarize those parts of our previous work that will be used in the sequel.
In Section 3, we formulate a notion of modelling based on a given set of macro-events
or primitives, which allows us to characterize higher-level models of DEDS. In
Section 4, motivated by flexible manufacturing systems, we define tasks as primitives,
introduce notions of reachability and observability of tasks, and construct task
compensators and detectors. Using these components, we construct an overall task-level
control system which accepts task requests as input and controls the system to achieve
the desired sequence. This leads to a simple higher-level model whose transitions only
involve the set-up and completion of tasks. In Section 5, we show how a system
composed of m subsystems can be modelled by a composition of the higher-level models
of each subsystem. Also, we illustrate our approach using a simple manufacturing
example, and show how the overall control of the task sequence of this system can be
achieved by a higher-level control acting on the composite task-level model. Finally,
in Section 6, we summarize our results and discuss several directions for further
work.
2 Background and Preliminaries

2.1 System Model

The class of systems we consider are nondeterministic finite-state automata with
intermittent event observations. The basic object of interest is the quintuple:

$$G = (X, \Sigma, \Phi, \Gamma, \Xi) \tag{2.1}$$

where $X$ is the finite set of states, with $n = |X|$, $\Sigma$ is the finite set of possible events,
$\Phi \subset \Sigma$ is the set of controllable events, $\Gamma \subset \Sigma$ is the set of observable events, and
$\Xi \subset \Sigma$ is the set of tracking events. Also, let $U = 2^{\Sigma}$ denote the set of admissible
control inputs consisting of a specified collection of subsets of $\Sigma$. The dynamics defined
on $G$ are as follows, where $\overline{\Phi}$ denotes the complement of $\Phi$:

$$x[k+1] \in f(x[k], \sigma[k+1]) \tag{2.2}$$

$$\sigma[k+1] \in (d(x[k]) \cap u[k]) \cup (d(x[k]) \cap \overline{\Phi}) \tag{2.3}$$

Here, $x[k] \in X$ is the state after the $k$th event, $\sigma[k] \in \Sigma$ is the $(k+1)$st event,
and $u[k] \in U$ is the control input after the $k$th event. The function $d : X \to 2^{\Sigma}$ is
a set-valued function that specifies the set of possible events defined at each state
(so that, in general, not all events are possible from each state), and the function
$f : X \times \Sigma \to X$ is also set-valued, so that the state following a particular event
is not necessarily known with certainty. We assume that $\Phi \subset \Gamma$. This assumption
simplifies the presentation of our results, but it is possible to get similar results, at
a cost of additional computational complexity, if it is relaxed.

Our model of the output process is quite simple: whenever an event in $\Gamma$ occurs,
we observe it; otherwise, we see nothing. Specifically, we define the output function
$h : \Sigma \to \Gamma \cup \{\epsilon\}$, where $\epsilon$ is the “null transition”, by

$$h(\sigma) = \begin{cases} \sigma & \text{if } \sigma \in \Gamma \\ \epsilon & \text{otherwise} \end{cases} \tag{2.4}$$

Then, our output equation is

$$\gamma[k+1] = h(\sigma[k+1]) \tag{2.5}$$

Note that $h$ can be thought of as a map from $\Sigma^*$ to $\Gamma^*$, where $\Gamma^*$ denotes the set of all
strings of finite length with elements in $\Gamma$, including the empty string $\epsilon$. In particular,
$h(\sigma_1 \cdots \sigma_n) = h(\sigma_1) \cdots h(\sigma_n)$.

The set $\Xi$, which we term the tracking alphabet, represents events of interest
for tracking purposes. This formulation allows us to define tracking over a selected
alphabet so that we do not worry about listing intermediary events that are not
important in tracking. We use $t : \Sigma^* \to \Xi^*$ to denote the projection of strings over
$\Sigma$ into $\Xi^*$. The quintuple $A = (G, f, d, h, t)$* representing our system can also be
visualized graphically as in Figure 2.1. Here, circles denote states, and events are
represented by arcs. The first symbol in each arc label denotes the event, while
the symbol following “/” denotes the corresponding output. Finally, we mark the
controllable  events  by  “:u”  and  tracking  events  by  “!”.  Thus,  in  this  example,  X  = 
{0, 1,2,3},  E  =  {a, $  =  {^1,^2},  F  =  {^, and  =  {o:, ^1,^2}- 

Figure 2.1: A Simple Example

* On occasion, we will construct auxiliary automata for which we will not be concerned with either
control or tracking. In such cases we will omit $\Xi$ and $t$ from the specification.

There are several basic notions that we will need in our investigation. The first
is the notion of liveness. Intuitively, a state is alive if it cannot reach any state at
which no event is possible. That is, $x \in X$ is alive if $\forall y \in R(A, x)$, $d(y) \neq \emptyset$. Also, we
say that $Q \subset X$ is alive if all $x \in Q$ are alive, and we say that $A$ is alive if $X$ is alive.
We will assume that this is the case. A second notion that we need is the composition
of two automata, $A_i = (G_i, f_i, d_i, h_i)$, which share some common events. Specifically,
let $S = \Sigma_1 \cap \Sigma_2$ and, for simplicity, assume that $\Gamma_1 \cap S = \Gamma_2 \cap S$ (i.e., any shared
event observable in one system is also observable in the other), $\Phi_1 \cap S = \Phi_2 \cap S$,
and $\Xi_1 \cap S = \Xi_2 \cap S$. The dynamics of the composition are specified by allowing
each automaton to operate as it would in isolation except that when a shared event
occurs, it must occur in both systems. Mathematically, we denote the composition by
$A_{12} = A_1 \parallel A_2 = (G_{12}, f_{12}, d_{12}, h_{12}, t_{12})$, where


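$$G_{12} = (X_1 \times X_2,\ \Sigma_1 \cup \Sigma_2,\ \Phi_1 \cup \Phi_2,\ \Gamma_1 \cup \Gamma_2,\ \Xi_1 \cup \Xi_2) \tag{2.6}$$

$$f_{12}(x, \sigma) = f_1(x_1, \sigma) \times f_2(x_2, \sigma) \tag{2.7}$$

$$d_{12}(x) = (d_1(x_1) \cap \overline{S}) \cup (d_2(x_2) \cap \overline{S}) \cup (d_1(x_1) \cap d_2(x_2)) \tag{2.8}$$

$$h_{12}(\sigma) = \begin{cases} h_1(\sigma) & \text{if } \sigma \in \Gamma_1 \\ h_2(\sigma) & \text{if } \sigma \in \Gamma_2 \\ \epsilon & \text{otherwise} \end{cases} \tag{2.9}$$

$$t_{12}(\sigma) = \begin{cases} t_1(\sigma) & \text{if } \sigma \in \Xi_1 \\ t_2(\sigma) & \text{if } \sigma \in \Xi_2 \\ \epsilon & \text{otherwise} \end{cases} \tag{2.10}$$

Here we have extended each $f_i$ to all of $\Sigma_1 \cup \Sigma_2$ in the trivial way, namely, $f_i(x_i, \sigma) = x_i$
if $\sigma \notin \Sigma_i$. Note also that $h_{12}$ and $t_{12}$ are well-defined.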


2.2  Languages 

Let $L$ be a regular language over an alphabet $\Sigma$ (see [8]). As in [8], let $(A_L, x_0)$ be a
minimal recognizer for $L$. Given a string $s \in L$, if $s = pqr$ for some $p$, $q$ and $r$ over $\Sigma$
then we say that $p$ is a prefix of $s$ and $r$ is a suffix of $s$. We also use $s/pq$ to denote
the suffix $r$. Also, we say that $q$ is a substring of $s$. Finally, we need the following
characterization of the notion of liveness in the context of languages:

Definition 2.1 Given $L$, $s \in L$ has an infinite extension in $L$ if for all integers $i > |s|$,
there exists $r \in L$, $|r| = i$ such that $s$ is a prefix of $r$. $L$ is prefix closed if all the
prefixes of any $s \in L$ are also in $L$. $L$ is a complete language if each string in $L$
has an infinite extension in $L$ and $L$ is prefix closed. □

For any language $L$, we let denote the prefix closure of $L$, i.e.

= $\{p \in \Sigma^* \mid p \text{ is a prefix of some } s \in L\}$ (2.11)

2.3  Forced  Events 

In our development we will find it necessary to construct automata in which certain
events can be forced to occur regardless of the other events defined at the current
state and in fact can only occur if they are forced. The following shows that we can
capture forced events in our present context with a simple construction. Given $x \in X$
let $d_1(x)$ denote the set of forced events defined at $x$ and let $d_2(x)$ denote the other
events (controllable or uncontrollable) defined at $x$. We introduce a new controllable
event $\mu$ and a new state $x'$ as follows: We redefine $d(x)$ as $d_1(x) \cup \{\mu\}$, so that all events
defined at $x$ are now controllable, and we define $f(x, \mu) = \{x'\}$. Also, we define
$d(x') = d_2(x)$ so that $f(x', \sigma) = f(x, \sigma)$ for all $\sigma \in d_2(x)$. If in addition, we impose
the restriction that only one event can be enabled at a time at state $x$, then we can
treat forced events as controllable events in our framework. Thus, if we decide to
force an event at $x$, then we enable only that event, and if we decide not to force any
events, then we enable $\mu$.

2.4 Stability and Stabilizability

In [6], we define a notion of stability which requires that trajectories go through a
given set $E$ infinitely often:

Definition 2.2 Let $E$ be a specified subset of $X$. A state $x \in X$ is $E$-pre-stable if
there exists some integer $i$ such that every trajectory starting from $x$ passes through
$E$ in at most $i$ transitions. The state $x \in X$ is $E$-stable if $A$ is alive and every state
reachable from $x$ is $E$-pre-stable. The DEDS is $E$-stable if every $x \in X$ is $E$-stable.
(Note that $E$-stability for all of $A$ is identical to $E$-pre-stability for all of $A$.) □

By a cycle, we mean a finite sequence of states $x_1, x_2, \ldots, x_k$, with $x_k = x_1$, so that
there exists an event sequence $s$ that permits the system to follow this sequence of
states. In [6] we show that $E$-stability is equivalent to the absence of cycles that do
not pass through $E$. We refer the reader to [6] for a more complete discussion of this
subject and for an O(n^) test for $E$-stability of a DEDS. Finally, we note that in [6]
and Definition 2.2 we require liveness in order for a system to be stable. However,
on occasion, in this paper (see, for example, the following section on the tracking
alphabet), it is useful to allow trajectories to die provided that they die in $E$. It is
straightforward to check that all of our results in [6] also hold for this slightly more
general notion of stability.

In [6], we also study stabilization by state feedback. Here, a state feedback law
is a map $K : X \to U$ and the resulting closed-loop system is $A_K = (G, f, d_K, h, t)$
where

$$d_K(x) = (d(x) \cap K(x)) \cup (d(x) \cap \overline{\Phi}) \tag{2.12}$$

Definition 2.3 A state $x \in X$ is $E$-pre-stabilizable (respectively, $E$-stabilizable) if
there exists a state feedback $K$ such that $x$ is $E$-pre-stable (respectively, $E$-stable)
in $A_K$. The DEDS is $E$-stabilizable if every $x \in X$ is $E$-stabilizable. □

If $A$ is $E$-stabilizable, then (as we show in [6]), there exists a state feedback $K$ such
that $A_K$ is $E$-stable. We refer the reader to [6] for a more complete discussion of this
subject and for an O(n^) test for $E$-stabilizability of a DEDS, which also provides a
construction for a stabilizing feedback.
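
The definitions of this subsection, worked through as an added example (not code from the paper): a fixed-point computation of the $E$-pre-stable set, the maximal $f$-invariant subset that gives the $E$-stable set, and a pre-stabilizing state feedback applied through (2.12). The four-state automaton, the event names and all function names are constructed for illustration, and the fixed point is a direct reading of Definitions 2.2 and 2.3 rather than the test given in [6].

```python
# Constructed DEDS (not from the paper). D[x] is d(x), the events defined at x;
# F[(x, e)] is the set-valued transition f(x, e).
STATES = {0, 1, 2, 3}
D = {0: {"a", "b"}, 1: {"c"}, 2: {"u", "g"}, 3: {"r"}}
F = {(0, "a"): {1}, (0, "b"): {2}, (1, "c"): {0},
     (2, "u"): {3}, (2, "g"): {2},      # "g" loops on state 2 and never reaches E
     (3, "r"): {0}}
PHI = {"b", "g"}    # controllable events
E = {0}             # the set that trajectories must keep visiting


def successors(x, d, f):
    """f(x, d(x)): every state reachable from x in one enabled transition."""
    return set().union(*(f[(x, e)] for e in d[x]))


def pre_stable(states, d, f, target):
    """States from which every trajectory reaches `target` in a bounded number
    of transitions. A dead state outside `target` is never added."""
    good = set(target)
    changed = True
    while changed:
        changed = False
        for x in states - good:
            if d[x] and successors(x, d, f) <= good:
                good.add(x)
                changed = True
    return good


def stable(states, d, f, target):
    """Maximal f-invariant subset of the pre-stable set (Definition 2.4)."""
    q = pre_stable(states, d, f, target)
    while True:
        keep = {x for x in q if successors(x, d, f) <= q}
        if keep == q:
            return q
        q = keep


def closed_loop(d, k, phi):
    """d_K of (2.12): enabled controllable events plus all uncontrollable ones."""
    return {x: (d[x] & k[x]) | (d[x] - phi) for x in d}


def pre_stabilizing_feedback(states, d, f, phi, target):
    """Grow the pre-stabilizable set, recording for each added state the
    controllable events that may stay enabled. Uncontrollable events cannot be
    disabled, so all of them must already lead into the set."""
    good = set(target)
    k = {x: set(d[x]) for x in states}      # default: nothing disabled
    changed = True
    while changed:
        changed = False
        for x in states - good:
            forced = d[x] - phi
            enable = {e for e in d[x] & phi if f[(x, e)] <= good}
            if (forced or enable) and all(f[(x, e)] <= good for e in forced):
                k[x] = enable
                good.add(x)
                changed = True
    return good, k


if __name__ == "__main__":
    print("open loop pre-stable:", pre_stable(STATES, D, F, E))
    print("open loop stable:    ", stable(STATES, D, F, E))
    good, K = pre_stabilizing_feedback(STATES, D, F, PHI, E)
    DK = closed_loop(D, K, PHI)
    print("feedback K:          ", K)
    print("closed loop stable:  ", stable(STATES, DK, F, E))
```

In the open loop the self-loop at state 2 is a cycle that avoids $E$, so no state is $E$-stable; disabling the controllable event "g" at state 2 removes the cycle and every state becomes $E$-stable.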

2.5  Tracking  Alphabet 

The tracking alphabet $\Xi$ provides the flexibility to specify strings that we desire to
track over an alphabet which may be much smaller than the entire event alphabet
$\Sigma$. Note that if there exists a cycle in $A$ that consists solely of events that are not
in $\Xi$, then the system may stay in this cycle indefinitely, generating no event in $\Xi$.
To avoid this possibility, we assume that it is not possible for our DEDS to generate
arbitrarily long sequences of events in $\overline{\Xi}$. A necessary and sufficient condition for
checking this is that if we remove the events in $\Xi$, the resulting automaton $A|\overline{\Xi}$ must
be $D_t$-stable, where

$$D_t = \{x \in X \mid d(x) \subset \Xi\} \tag{2.13}$$

This is not difficult to check and will be assumed.

2.6  Invariance 

In [6], we define the following notion of dynamic invariance in order to characterize
stability in terms of pre-stability:

Definition 2.4 A subset $Q$ of $X$ is $f$-invariant if $f(Q, d) \subset Q$ where

$$f(Q, d) = \bigcup_{x \in Q} f(x, d(x))$$

□

In [6] we show that the maximal stable set is the maximal $f$-invariant set in the
maximal pre-stable set.

In the context of control, the following notion, also presented in [6], is a
well-known extension of $f$-invariance:

Definition 2.5 A subset $Q$ of $X$ is $(f,u)$-invariant if there exists a state feedback $K$
such that $Q$ is $f$-invariant in $A_K$. □

However, recall that in general we also need to preserve liveness. Thus we have the
following:

Definition 2.6 A subset $Q$ of $X$ is a sustainably $(f,u)$-invariant set if there exists a
state feedback $K$ such that $Q$ is alive and $f$-invariant in $A_K$. □

Given any set $V \subset X$, there is a maximal sustainably $(f,u)$-invariant subset $W$ of $V$
with a corresponding unique minimally restrictive feedback $K$. That is, $K$ disables
as few events as possible in order to keep the state within $W$.

2.7  Observability  and  Observers 

In [3], we term a system observable if the current state is known perfectly at
intermittent but not necessarily fixed intervals of time. Obviously, a necessary
condition for observability is that it is not possible for our DEDS to generate arbitrarily
long sequences of unobservable events, i.e., events in $\overline{\Gamma}$, the complement of $\Gamma$. A
necessary and sufficient condition for checking this is that if we remove the
observable events, the resulting automaton $A|\overline{\Gamma} = (G, f, d \cap \overline{\Gamma}, h, t)$ must be $D_o$-stable,
where $D_o$ is the set of states that only have observable transitions defined, i.e.,
$D_o = \{x \in X \mid d(x) \cap \overline{\Gamma} = \emptyset\}$. This is not difficult to check and will be assumed.

Let us now introduce some notation that we will find useful:

• Let $x \to^{s} y$ denote the statement that state $y$ is reached from $x$ via the occurrence
of event sequence $s$. Also, let $x \to^{*} y$ denote that $x$ reaches $y$ in any number of
transitions, including none. For any set $Q \subset X$ we define the reach of $Q$ in $A$
as:

$$R(A, Q) = \{y \in X \mid \exists x \in Q \text{ such that } x \to^{*} y\} \tag{2.14}$$

• Let

$$Y_0 = \{x \in X \mid \nexists\, y \in X, \gamma \in \Sigma, \text{ such that } x \in f(y, \gamma)\} \tag{2.15}$$

$$Y_1 = \{x \in X \mid \exists\, y \in X, \gamma \in \Gamma, \text{ such that } x \in f(y, \gamma)\} \tag{2.16}$$

$$Y = Y_0 \cup Y_1 \tag{2.17}$$

Thus, $Y$ is the set of states $x$ such that either there exists an observable
transition defined from some state $y$ to $x$ (as captured in $Y_1$) or $x$ has no transitions
defined to it (as captured in $Y_0$). Let $q = |Y|$.

• Let $L(A, x)$ denote the language generated by $A$ from the state $x \in X$, i.e.,
$L(A, x)$ is the set of all possible event trajectories of finite length that can be
generated if the system is started from the state $x$. Also, let $L(A) = \bigcup_{x \in X} L(A, x)$
be the set of all event trajectories that can be generated by $A$.

In [3], we present a straightforward design of an observer that produces
“estimates” of the state of the system after each observation $\gamma[k] \in \Gamma$. Each such estimate
is a subset of $Y$ corresponding to the set of possible states into which $A$
transitioned when the last observable event occurred. Mathematically, if we let a function
$\hat{x} : h(L(A)) \to 2^{Y}$ denote the estimate of the current state given the observed output
string $t \in h(L(A))$, then

$$\hat{x}(t) = \{x \in Y \mid \exists y \in X \text{ and } s \in L_f(A, y) \text{ such that } h(s) = t \text{ and } x \in f(y, s)\} \tag{2.18}$$

The observer is a DEDS which realizes this function. Its state space is a subset $Z$
of $2^{Y}$, and its full set of events and set of observable events are both $\Gamma$. Suppose
that the present observer estimate is $\hat{x}[k] \in Z$ and that the next observed event is
$\gamma[k+1]$. The observer must then account for the possible occurrence of one or more
unobservable events prior to $\gamma[k+1]$ and then the occurrence of $\gamma[k+1]$:

$$\hat{x}[k+1] = w(\hat{x}[k], \gamma[k+1]) = \bigcup_{x \in R(A|\overline{\Gamma},\, \hat{x}[k])} f(x, \gamma[k+1]) \tag{2.19}$$

$$\gamma[k+1] \in v(\hat{x}[k]) = h\Big(\bigcup_{x \in R(A|\overline{\Gamma},\, \hat{x}[k])} d(x)\Big) \tag{2.20}$$

The set $Z$ is then the reach of $\{Y\}$ using these dynamics, i.e., we start the observer
in the state corresponding to a complete lack of state knowledge and let it evolve.
Our observer then is the DEDS $O = (F, w, v, i)$, where $F = (Z, \Gamma, \Gamma)$ and $i$ is
the identity output function. In some cases, we will treat the observer as a controlled
system and discuss stabilizing it. Then, Equation 2.20 becomes

$$\gamma[k+1] \in v(\hat{x}[k]) = h\Big(\bigcup_{x \in R(A|\overline{\Gamma},\, \hat{x}[k])} (d(x) \cap u[k]) \cup (d(x) \cap \overline{\Phi})\Big) \tag{2.21}$$

In [3], we show that a system $A$ is observable iff $O$ is stable with respect to its
singleton states. We also show that if $A$ is observable then all trajectories from an
observer state pass through a singleton state in at most $q^2$ transitions.

In [3] we also define a notion of recurrency. In particular, we say that a state $x$ is
a recurrent state if it can be reached by an arbitrarily long string of events. We let
$Z_r$ denote the set of recurrent states of the observer $O$.
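
The observer construction of this subsection as an added example (not code from the paper): it computes $Y$ from (2.15)-(2.17), the unobservable reach $R(A|\overline{\Gamma}, \hat{x})$, the observer transition $w$ of (2.19), and checks observability as the absence of cycles among non-singleton observer states. Both automata, the event names and all function names are constructed for illustration; $d(x)$ is taken to be the set of events with an entry in the transition table, and liveness is assumed as in the text.

```python
from itertools import chain

GAMMA = {"a", "b", "c", "d"}    # observable events; "u" is unobservable

# Constructed automaton (not from the paper): f[(state, event)] = next states.
F_AMBIGUOUS = {
    (0, "a"): {1, 2},           # nondeterministic transition
    (1, "u"): {3},              # silent move, produces no output
    (1, "b"): {0},
    (2, "c"): {0},
    (3, "c"): {1},
}
# Same system, except that the event leaving state 3 is relabelled "d".
F_RESOLVING = {k: v for k, v in F_AMBIGUOUS.items() if k != (3, "c")}
F_RESOLVING[(3, "d")] = {1}


def entry_states(f, gamma):
    """Y = Y0 | Y1: states with no incoming transition, plus states entered
    by an observable event."""
    has_incoming = set(chain.from_iterable(f.values()))
    states = {x for x, _ in f} | has_incoming
    y0 = states - has_incoming
    y1 = set(chain.from_iterable(n for (_, e), n in f.items() if e in gamma))
    return frozenset(y0 | y1)


def unobservable_reach(f, gamma, estimate):
    """States reachable from `estimate` using unobservable events only."""
    seen, stack = set(estimate), list(estimate)
    while stack:
        x = stack.pop()
        for (y, e), nxt in f.items():
            if y == x and e not in gamma:
                for n in nxt - seen:
                    seen.add(n)
                    stack.append(n)
    return seen


def step(f, gamma, estimate, event):
    """w(estimate, event) of (2.19); empty if the event cannot be observed next."""
    reach = unobservable_reach(f, gamma, estimate)
    return frozenset(chain.from_iterable(f.get((x, event), ()) for x in reach))


def build_observer(f, gamma):
    """Return (initial estimate Y, transition map w, state set Z)."""
    start = entry_states(f, gamma)
    w, todo, seen = {}, [start], {start}
    while todo:
        z = todo.pop()
        for g in gamma:
            nxt = step(f, gamma, z, g)
            if nxt:
                w[(z, g)] = nxt
                if nxt not in seen:
                    seen.add(nxt)
                    todo.append(nxt)
    return start, w, seen


def estimate_after(f, gamma, outputs):
    """Trace an observed output string through the observer."""
    z, w, _ = build_observer(f, gamma)
    for g in outputs:
        z = w[(z, g)]
    return set(z)


def is_observable(f, gamma):
    """True iff no path of |Z| steps stays inside non-singleton estimates,
    i.e. there is no cycle that avoids the singleton states."""
    _, w, zs = build_observer(f, gamma)
    frontier = {z for z in zs if len(z) != 1}
    for _ in range(len(zs)):
        frontier = {n for (z, _g), n in w.items()
                    if z in frontier and len(n) != 1}
    return not frontier


if __name__ == "__main__":
    for name, f in (("ambiguous", F_AMBIGUOUS), ("resolving", F_RESOLVING)):
        print(name, estimate_after(f, GAMMA, ["a", "c"]), is_observable(f, GAMMA))
```

In the first automaton the output string a, c, a, c, ... keeps the estimate cycling between {1, 2} and {0, 1}, so the observer is not stable with respect to its singleton states; relabelling one event breaks that cycle.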

2.8  Compensators 

In [5], we define a compensator as a map $C : X \times \Sigma^* \to U$ which specifies the set
of controllable events that are enabled given the current state and the entire event
trajectory up to present time. Given a compensator $C$, the closed loop system $A_C$ is
the same as $A$ but with

$$\sigma[k+1] \in d_C(x[k], s[k]) = (d(x[k]) \cap C(x[k], s[k])) \cup (d(x) \cap \overline{\Phi}) \tag{2.22}$$

where $s[k] = \sigma[0] \cdots \sigma[k]$ with $\sigma[0] = \epsilon$. Here we have somewhat modified notation
in that we allow $d_C$ to depend both on $x[k]$ and $s[k]$. It is not difficult to show that
we can always write $A_C$ as an automaton (with corresponding “d” depending only
on the state), which will take values in an expanded state space, representing the
cross-product of the state spaces of $A$ and $C$. For an arbitrary choice of $C$, its state
space (i.e., an automaton realizing the desired map) may be infinite. As shown in [5],
for our purposes we can restrict attention to compensators which can be realized by
finite state machines.

In [4] we define an output compensator as a map $C : \Gamma^* \to U$. Then, the closed
loop system $A_C$ is the same as $A$ but with:

$$\sigma[k+1] \in d_C(x[k], s[k]) = (d(x[k]) \cap C(h(s[k]))) \cup (d(x) \cap \overline{\Phi}) \tag{2.23}$$

One constraint we wish to place on our compensators is that they preserve liveness.
Thus, suppose that we have observed the output string $s$, so that our observer is in
$\hat{x}(s)$ and our control input is $C(s)$. Then, we must make sure that any $x$ reachable
from any element of $\hat{x}(s)$ by unobservable events only is alive under the control input
$C(s)$. That is, for all $x \in R(A|\overline{\Gamma}, \hat{x}(s))$, $d_C(x, s)$ should not be empty. This leads to
the following:

Definition 2.7 Given $Q \subset X$, $F \subset \Phi$ is $Q$-compatible if for all $x \in R(A|\overline{\Gamma}, Q)$,
$(d(x) \cap F) \cup (d(x) \cap \overline{\Phi}) \neq \emptyset$. An observer feedback $K : Z \to U$ is $A$-compatible if
for all $\hat{x} \in Z$, $K(\hat{x})$ is $\hat{x}$-compatible. A compensator $C : \Gamma^* \to U$ is $A$-compatible if
for all $s \in h(L(A))$, $C(s)$ is $\hat{x}(s)$-compatible. □

2.9  Stabilization  by  Output  Feedback 

In [4] we define a notion of stabilization by output feedback which requires that we can
force the trajectories to go through $E$ infinitely often using an output compensator:

Definition 2.8 $A$ is output stabilizable (respectively, output pre-stabilizable) with
respect to $E$ if there exists an output compensator $C$ such that $A_C$ is $E$-stable
(respectively, $E$-pre-stable). We term such a compensator an output stabilizing
(respectively, output pre-stabilizing) compensator. □

Note that this definition implicitly assumes that there exists an integer $n_s$ such that
the trajectories in $A_C$ go through $E$ in at most $n_s$ observable transitions. In [4]
we show that $n_s$ is at most and, using this bound, we show that output
pre-stabilizability and liveness are necessary and sufficient for output stabilizability, as
is the case for stabilizability and pre-stabilizability.

2.10  Eventual  Restrictability 

In [5] we define a notion of restrictability which requires that we can force the system
to generate strings in a desired language defined over $\Xi$:

Definition 2.9 Given $x \in X$ and a complete language $L$ over $\Xi$, $x$ is $L$-restrictable
if there exists a compensator $C : X \times \Sigma^* \to U$ such that the closed loop system
$A_C$ is alive and $t(L(A_C, x)) \subset L$. Given $Q \subset X$, $Q$ is $L$-restrictable if all $x \in Q$ are
$L$-restrictable. Finally, $A$ is $L$-restrictable if $X$ is $L$-restrictable. □

We  also  define  a  notion  of  eventual  restrictability  which  requires  that  we  can  restrict 
the  system  behavior  in  a  finite  number  of  transitions.  In  the  following,  (E  U 
denotes  the  set  of  strings  over  E  that  have  length  at  most 

Definition 2.10 Given $x \in X$ and a complete language $L$ over $\Xi$, $x$ is eventually
$L$-restrictable if there exists an integer and a compensator $C : X \times \Sigma^* \to U$ such
that the closed loop system $A_C$ is alive and $t(L(A_C, x)) \subset (\Xi \cup$. Given
$Q \subset X$, $Q$ is eventually $L$-restrictable if all $x \in Q$ are eventually $L$-restrictable.
Finally, $A$ is eventually $L$-restrictable if $X$ is eventually $L$-restrictable. □

We refer the reader to [5] for a more complete discussion of this subject. We now turn
our attention to eventual restrictability using an output compensator. The following,
although not included in [5], is a straightforward use of tools that we have developed
in [4] and [5]:

Definition 2.11 Given a complete language $L$ over $\Xi$ we say that $A$ is eventually
$L$-restrictable by output feedback if there exists an integer $n_o$ and an output
compensator $C : \Gamma^* \to U$ such that $A_C$ is alive and for all $x \in X$,
$t(L(A_C, x)) \subset (\Xi \cup \{\epsilon\})^{n_o} L$. Such a $C$ is called an $L$-restrictability compensator. □

We construct a test for eventual restrictability by output feedback as follows: Given
$L$, let $(A_L, x_0)$ be a minimal recognizer for $L$ and let $Z_L$ denote its state space. Let
$A'_L$ be an automaton which is the same as $A_L$ except that its state space is $Z'_L = Z_L \cup \{b\}$
where $b$ is a state used to signify that the event trajectory is no longer in $L$. This is
the state we wish to avoid. Also, we let $d'_L(x) = \Xi$ for all $x \in Z'_L$, and

$$f'_L(x, \sigma) = \begin{cases} f_L(x, \sigma) & \text{if } x \neq b \text{ and } \sigma \in d_L(x) \\ \{b\} & \text{otherwise} \end{cases} \tag{2.24}$$

Let $O$ denote the observer for $A$, let $A(L) = A \parallel A'_L$, and let $O(L) = (G(L), w_L, v_L)$
denote the observer for $A(L)$; however, in this case, since we know that we will start
$A'_L$ in $x_0$, we take the state space of $O(L)$ as

$$Z(L) = R(O(L), \{\{x_0\} \times \hat{x} \mid \hat{x} \in Z\}) \tag{2.25}$$

Let

$$V_0 = \{z \in Z(L) \mid \text{for all } (x_L, x_A) \in z,\ x_L \neq b\} \tag{2.26}$$

Let $E(L)$ be the largest subset of $V_0$ which is sustainably $(f,u)$-invariant in $O(L)$ and
for which the associated unique minimally restrictive feedback $K^{EL}$ has the property
that for any $z \in Z(L)$, $K^{EL}(z)$ is $\hat{x}(z)$-compatible where

$$\hat{x}(z) = \{x \in X \mid \exists x_L \in Z_L \text{ such that } (x_L, x) \in z\} \tag{2.27}$$
The construction of $E(L)$ and $K^{EL}$ is a slight variation of the algorithm in [6] for the
construction of maximal sustainably $(f,u)$-invariant subsets. Specifically, we begin
with any state $z \in V_0$. If there are any uncontrollable events taking $z$ outside $V_0$,
we delete $z$ and work with $V_1 = V_0 \setminus \{z\}$. If not, we disable only those controllable
events which take $z$ outside $V_0$. If the remaining set of events defined at $z$ is not
$\hat{x}(z)$-compatible, we delete $z$ and work with $V_1 = V_0 \setminus \{z\}$. If not, we tentatively
keep $z$ and choose another element of $V_0$. In this way, we continue to cycle through
the remaining elements of $V_0$. The algorithm converges in a finite number of steps
(at most $|V_0|$) to yield $E(L)$ and $K^{EL}$ defined on $E(L)$. For $z \notin E(L)$, we take
$K^{EL}(z) = \Sigma$ so that no events are disabled.

Consider next the following subset of $E(L)$:

$$E_0(L) = \{\hat{x} \in Z \mid x_0 \times \hat{x} \in E(L)\} \qquad (2.28)$$

Then,

Proposition 2.12 Given a complete language $L$ over $\Xi$, $A$ is eventually $L$-restrictable
by output feedback iff there exists an A-compatible state feedback $K : Z \to U$
such that the closed loop system $O_K$ is $E_0(L)$-pre-stable.

Proof: ($\rightarrow$) Straightforward by assuming the contrary.

($\leftarrow$) Let us prove this by constructing the desired compensator $C : \Gamma^* \to U$: Given
an observation sequence $s$, we trace it in $O$ starting from the initial state {F}. Let
$\hat{x}$ be the current state of $O$ given $s$. There are two possibilities:

1. Suppose that the trajectory has not yet entered $E_0(L)$. Then we use $O$ and the
$E_0(L)$-pre-stabilizing feedback $K$ to compute $C(s)$. In particular,

$$C(s) = (v(\hat{x}) \cap K(\hat{x})) \cup (v(\hat{x}) \cap \bar{\Phi})$$

2. When the trajectory in $O$ enters $E_0(L)$, we switch to using the expanded observer
$O(L)$ and $K^{E(L)}$. In particular, let $\hat{x}'$ be the state the trajectory in $O$
enters when it enters $E_0(L)$ for the first time, and let $s'$ be that prefix of $s$ which
takes {F} to $\hat{x}'$ in $O$. Then, we start $O(L)$ at the state $x_0 \times \hat{x}' \in E(L)$, and let it
evolve. Suppose that $s/s'$ takes $x_0 \times \hat{x}'$ to $z$ in $O(L)$, then

$$C(s) = (v_L(z) \cap K^{E(L)}(z)) \cup (v_L(z) \cap \bar{\Phi})$$

Since this feedback keeps the trajectory of $O$ in $E(L)$ and $E(L) \subset V_0$, the behavior
of $A$ is restricted as desired. □

Note that since $E(L)$ is the maximal sustainably (f,u)-invariant subset of $V_0$ and $K^{E(L)}$
is unique, the possible behavior of an $L$-restrictable state $x$ in the closed loop system
constructed in the proof is the maximal subset of $L$ to which the behavior of $x$ can be
restricted. Note also that if $E_0(L) = \emptyset$, then $O$ cannot be $E_0(L)$-pre-stabilizable and thus
$A$ cannot be eventually $L$-restrictable by output feedback. Finally, if $A$ is eventually
$L$-restrictable by output feedback, then the number of observable transitions until
the trajectory is restricted to $L$ is at most Ug.
3  Characterizing  Higher-Level  Models

In this section, we present a notion of higher-level modelling of DEDS based on a
given set of primitives, each of which consists of a finite set of tracking event strings.
The idea here is that the occurrence of any string in this set corresponds to some
macroscopic event, such as completion of a task, and it is only these macro-events
that we wish to model at the higher level. Our modelling concept therefore must
address the issues of controlling a DEDS such that its behavior is restricted to these
primitives and of being able to observe the occurrences of each primitive. In this
section we describe precisely what it means for one DEDS to serve as a higher-level
model of another. In subsequent sections we explicitly consider the notion of tasks and
the problems of controlling and observing them and the related concept of procedures,
defined in terms of sequences of tasks, which allows us to describe higher-level models
of interconnections of DEDS, each of which can perform its own set of tasks.

To illustrate our notion of modelling, consider the system in Figure 2.1 and suppose
that we wish to restrict its behavior to $(\alpha\beta_1)^*$ by output feedback. In order to
do this, we first specify $L_1 = \alpha\beta_1$ as a primitive. For this example it is possible,
essentially by inspection, to construct an $L_1^{*c}$-restrictability compensator $C : \Gamma^* \to U$
that is simpler than the one given in the proof of Proposition 2.12. Specifically, we
can take $C$ to be a function of the state of an automaton, illustrated in Figure 3.1,
constructed from the observer for the original system simply by deleting the events
which the compensator disables. The initial state of this system, as in the observer,
is (0,1,2), and for any string $s$ the compensator value $C(s)$ is a function of the state
of the modified observer. For example, if the first observed event is S, the state of the
system in Figure 3.1 is (1,2). In the original DEDS of Figure 2.1 the event $\beta_1$ would
be possible from state 0; however, as illustrated in Figure 3.1, we disable $\beta_1$ so that
the next observable event will either be S (from Qi) or $\beta_2$ (from 3 after the occurrence
of $\alpha$ from 2). It is not difficult to check that the closed loop system $A_C$ is eventually
$L_1^{*c}$-restricted, and thus the language eventually generated by $A_C$ can be modelled at
a higher level by the automaton in Figure 3.2 for which $\psi_1$ represents an occurrence
of $\alpha\beta_1$.

Figure 3.1: Illustrating the Compensator for Eventual $L_1^{*c}$-Restrictability by Output Feedback

Figure 3.2: Model of Task 1

In order for this automaton, with $\psi_1$ observable, to truly model $A_C$, it must be true
that we can in fact detect every occurrence of $\alpha\beta_1$ in $A_C$, perhaps with some initial
uncertainty, given the string of observations of $A_C$. For example, by inspection of
Figure 3.1, if we observe we cannot say if $\alpha\beta_1$ has occurred or not, but if we
observe we know that $\alpha\beta_1$ must have occurred at least once. Likewise, $\beta_2\beta_1$
corresponds to one occurrence of $\alpha\beta_1$, corresponds to two occurrences of
$\alpha\beta_1$, etc. In general, after perhaps the first occurrence of $\beta_1$, every occurrence of
corresponds to an occurrence of $\alpha\beta_1$ and therefore, we can detect occurrences of $\psi_1$
from observations in $A_C$. The definition we give in this section will then allow us to
conclude that the automaton in Figure 3.2 models the closed loop system $A_C$.

To begin our precise specification of higher-level models, let us first introduce a
function that defines the set of strings that corresponds to a primitive: Given alphabets
$\Sigma'$ and $\Xi$, and a map $H_e : \Sigma' \to 2^{\Xi^*}$, if for all $\sigma \in \Sigma'$, $H_e(\sigma)$ is a collection of finite
length strings, then we term $H_e$ a primitive map. Here $\sigma \in \Sigma'$ is the macroscopic
event corresponding to the set of tracking strings $H_e(\sigma)$ in the original model. We allow
the possibility that several strings may correspond to one macroscopic primitive
to capture the fact that there may be several ways to complete a desired task.

We will require the following property:

Definition 3.1 A primitive map $H_e$ is termed minimal if for all, not necessarily distinct,
$\sigma_1, \sigma_2 \in \Sigma'$ and for all $s \in H_e(\sigma_1)$, no proper suffix of $s$ is in $H_e(\sigma_2)$. □

Given a primitive map, we extend it to act on strings over $\Sigma'$ as follows: We let
$H_e(\epsilon) = \epsilon$ and $H_e(s\sigma) = H_e(s)H_e(\sigma)$, where $s$ is a string over $\Sigma'$ and $\sigma$ is an element
of $\Sigma'$. Also, $H_e(s)H_e(\sigma)$ is the set of strings consisting of all possible concatenations
of a string in $H_e(s)$ followed by a string in $H_e(\sigma)$. We use the same symbol to denote
$H_e$ and its extension to $(\Sigma')^*$.

Proposition 3.2 If $H_e$ is minimal then for all distinct $r_1, r_2$ such that $r_1, r_2 \neq \epsilon$, $|r_1| < |r_2|$,
and $r_1$ is not a suffix of $r_2$, $\Xi^* H_e(r_1) \cap \Xi^* H_e(r_2) = \emptyset$.

Proof: Assume the contrary, and let $s \in \Xi^* H_e(r_1) \cap \Xi^* H_e(r_2)$. Also let $\sigma_1$ (respectively,
$\sigma_2$) be the last event in $r_1$ (respectively, $r_2$). There are two cases here: First, suppose
that $\sigma_1 \neq \sigma_2$. Then, there exist distinct $p_1 \in H_e(\sigma_1)$ and $p_2 \in H_e(\sigma_2)$ such that both
$p_1$ and $p_2$ are suffixes of $s$. Assume, without loss of generality, that $|p_1| < |p_2|$, then
$p_1$ is also a suffix of $p_2$. But then, $H_e$ cannot be minimal. Now, suppose that $\sigma_1 = \sigma_2$.
Thanks to minimality, among all elements of $H_e(\sigma_1)$, only one string, say $p$, can be a
suffix of $s$. Let $s'$ be that prefix of $s$ such that $p = s/s'$. Then, repeat the previous
steps using $s'$, and all but the last elements of $r_1$ and $r_2$. Since $r_1$ and $r_2$ are distinct,
and $r_1$ is not a suffix of $r_2$, $\sigma_1$ will be different from $\sigma_2$ at some step and then we will
establish a contradiction. Therefore, $\Xi^* H_e(r_1) \cap \Xi^* H_e(r_2) = \emptyset$. □
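The following Python code is an added illustration, not part of the original paper: it tests Definition 3.1, extends a primitive map to macroscopic strings, and peels primitives off the end of a tracking string as in the proof of Proposition 3.2. The event names and the map entries other than $\psi_1 \mapsto \alpha\beta_1$ are constructed for the example.

```python
# Tracking strings are tuples of event names; a primitive map sends each
# macroscopic event to a finite set of non-empty tracking strings.

PRIMITIVES = {                       # psi2 and psi3 are constructed sample entries
    "psi1": {("alpha", "beta1")},
    "psi2": {("alpha", "beta2")},
    "psi3": {("gamma", "beta1"), ("gamma", "gamma", "beta2")},
}

NON_MINIMAL = {                      # ("beta1",) is a proper suffix of alpha.beta1
    "psi1": {("alpha", "beta1")},
    "chi": {("beta1",)},
}


def is_minimal(H):
    """Definition 3.1: no proper suffix of a string in H[s1] lies in H[s2]."""
    pool = {p for strings in H.values() for p in strings}
    return not any(p[k:] in pool for p in pool for k in range(1, len(p)))


def extend(H, macro):
    """H(eps) = {eps}; H(s sigma) = all concatenations of H(s) with H(sigma)."""
    out = {()}
    for sigma in macro:
        out = {s + p for s in out for p in H[sigma]}
    return out


def decode_suffix(H, xi):
    """Peel primitives off the end of the tracking string xi.

    Returns (macro, rest) with xi = rest + (a string in H(macro)), where rest
    is the part no primitive matches (a start-up transient). For a minimal map
    with disjoint images every peeling step has at most one candidate.
    """
    macro, rest = [], tuple(xi)
    while rest:
        hits = [(sigma, p) for sigma, strings in H.items() for p in strings
                if p and rest[-len(p):] == p]
        if not hits:
            break
        if len(hits) > 1:
            raise ValueError("ambiguous suffix: the map is not minimal")
        sigma, p = hits[0]
        macro.append(sigma)
        rest = rest[:-len(p)]
    return tuple(reversed(macro)), rest


if __name__ == "__main__":
    print(is_minimal(PRIMITIVES), is_minimal(NON_MINIMAL))
    print(decode_suffix(PRIMITIVES,
                        ("beta1", "alpha", "beta1", "alpha", "beta2")))
```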

The  following  result  states  that  we  can  concatenate  minimal  primitive  maps  while 
preserving  minimality: 

Proposition 3.3 Given minimal $H_1 : \Sigma_2 \to 2^{\Sigma_1^*}$ and $H_2 : \Sigma_3 \to 2^{\Sigma_2^*}$, if we define
$H_3 : \Sigma_3 \to 2^{\Sigma_1^*}$ so that $H_3(\sigma) = H_1(H_2(\sigma))$ for all $\sigma \in \Sigma_3$, then $H_3$ is a minimal
primitive map. Here, since $H_2(\sigma)$ is a set of strings, $H_1(H_2(\sigma))$ is the set of strings
resulting from applying $H_1$ to each string in $H_2(\sigma)$.

Proof: Assume the contrary, then there exist $\sigma_1, \sigma_2 \in \Sigma_3$, $s \in H_3(\sigma_1)$, and a suffix $r$
of $s$ so that $r \in H_3(\sigma_2)$. Let $s' \in H_2(\sigma_1)$ and $r' \in H_2(\sigma_2)$ such that $s \in H_1(s')$ and
$r \in H_1(r')$. Then, by minimality of $H_2$, $r'$ cannot be a suffix of $s'$ and $s'$ cannot be
a suffix of $r'$ either. Also, since $r$ is a suffix of $s$, $s \in \Sigma_1^* H_1(r')$. Then, thanks to
Proposition 3.2, $H_1$ cannot be minimal, and we establish a contradiction. Therefore,
$H_3$ must be minimal. □

Now, let us proceed with defining our notion of modelling. In particular, given
two automata $A = (G,f,d,h,t)$ and $A' = (G',f',d',h',t')$, we wish to specify when
$A'$ is an $H_e$-model of the system $A$, where $H_e : \Sigma' \to 2^{\Xi^*}$ is a minimal primitive map.
Two important properties that we will require of our models are the following:

1. Restrictability: We will require that if we can restrict the behavior of the macroscopic
model to some complete language $L \subset \Sigma'^*$, then we can also restrict the
original system to $H_e(L)^c$. Note that we have defined $L$ over $\Sigma'$, instead of $\Xi'$.
Roughly speaking, we have done this since if all languages of interest are over
the higher-level tracking alphabet $\Xi'$, then we can perhaps choose a simpler
macroscopic model completely over $\Xi'$. However, the alphabet $\Sigma'$ will still be
useful in defining different levels of modelling (see Proposition 3.6).

2. Detectability: We will also require that for any lower-level string $s$ in $L(A)$ such
that $t(s)$ is in $H_e(p)$ for some string $p$ in the macroscopic system,

(a) we can reconstruct $p$, after some delay, using the lower-level observation
$h(s)$ of $s$, and

(b) for any string $r$ so that $s$ is a suffix of $r$, the reconstruction acting on $h(r)$
results in a string that ends with the reconstruction of $h(s)$.

Note that minimality implies the following: If we let $H_e^{-1}(t(s))$ denote the set
of strings $p \in \Sigma'^*$ such that $t(s) \in H_e(p)$, then, thanks to minimality, $H_e^{-1}(t(s))$
is single valued. Thus, in order to satisfy the first condition of detectability,
we need to be able to reconstruct $H_e^{-1}(t(s))$ from $h(s)$. The second condition
deals with the issue of start-up. Specifically, in our framework of eventual
restrictability, we allow for the possibility of a transient start-up period in which
the lower-level may generate a short tracking event sequence that does not
correspond to any primitive. What (b) requires is that the reconstruction can
recognize and “reject” such finite length start-up strings.

Definition 3.4 Given two DEDS $A$ and $A'$, and a minimal primitive map $H_e : \Sigma' \to 2^{\Xi^*}$,
we say that $A'$ is an $H_e$-model of $A$ if there exists a map $H_o : \Gamma^* \to \Sigma'^*$ and
an integer such that^:

1. Restrictability: For all complete $L \subset \Sigma'^*$ such that $A'$ is eventually $L$-restrictable,
$A$ is eventually $H_e(L)^c$-restrictable by output feedback.

2. Detectability: For all $s \in L(A)$ such that $t(s) \in H_e(p)$ for some $p \in L(A')$,

(a)  p  G  (S'  u  and 

(b) for all $r \in \Sigma^* s$, $H_o(h(r)) \in \Sigma'^* H_o(h(s))$.

□ 


Note  that  this  concept  of  modelling  provides  a  method  of  both  spatial  and  temporal 
aggregation,  as  we  will  see,  since  A'  may  frequently  be  constructed  to  have  many 
fewer  states  than  A  and  sets  of  strings  in  A  can  be  represented  by  a  single  event  in 
A'.  For  example,  all  states  in  Figure  2.1  are  represented  by  a  single  state  in  Figure
3.2,  and  $\alpha\beta_1$  is  represented  by  $\psi_1$.

The  following  result,  which  immediately  follows  from  Definition  3.4,  states  that 
the  concept  of  modelling  is  invariant  under  compensation: 


^We  have  chosen  in  our  definition  to  look  at  the  larger  class  of  macroscopic  languages  to  which 
A  is  eventually  restrictable  by  full  state  feedback,  rather  than  only  with  output  feedback.  All  of  our 
results  carry  over  if  we  use  this  weaker  notion  of  restrictability  at  the  higher  level.  Similarly  in  our 
definition  of  detectability  we  have  required  the  stronger  condition  that  from  lower  level  observations, 
we  can  reconstruct  the  entire  upper-level  event  trajectory,  not  just  the  part  in  F'.  Again,  we  can 
carry  all  of  our  development  over  to  the  weaker  case.  As  we  will  see,  this  stronger  definition  suffices 
for  our  purposes 
Proposition 3.5 If $A'$ is an $H_e$-model of $A$ then for any compensator $C' : \Gamma'^* \to U'$
for $A'$, there exists a compensator $C : \Gamma^* \to U$ for $A$ such that $A'_{C'}$ is an $H_e$-model
of $A_C$ with the same $H_o$. □

In  general,  we  may  be  interested  in  several  different  levels  of  aggregation.  Thus, 
we  need  the  following  result  which  states  that  a  higher-level  model  also  models
automata  at  all  lower  levels:

Proposition  3.6  Given  the  automata  A  =  A'  =  {G',  and 

A"  =  {G",f",d",  and  minimal  primitive  maps  if'  :  S'  2“*  and  H'J  :  S"  -> 
2“'*,  so  that  A'  is  an  if'-modei  of  A  with  H'^  and  A"  is  an  if''-modei  of  A'  with 
H'J,  define  tt  :  E'  ^  2^'*  so  that  x(cr)  =  U  for  <t  g  H'  and  define 

He  :  S"  ->  2-  as  Heia)  =  ff^7r(if''(a)))  for  <7  G  S".  Then, 

1. $H_e$ is a minimal primitive map.

2. $A''$ is an $H_e$-model of $A$ with $H_o(s) = H''_o(h'(H'_o(s)))$ for all $s \in \Gamma^*$.


Proof: 1. Clearly, $\pi$ is a minimal primitive map. Then, by Proposition 3.3, $H_e$ is also
a minimal primitive map.

2. Restrictability: If $A''$ is eventually $L$-restrictable, then $A'$ is eventually
$H''_e(L)^c$-restrictable by output feedback $\rightarrow$ $A'$ is eventually $H''_e(L)^c$-restrictable
$\rightarrow$ $A'$ is eventually $\pi(H''_e(L)^c)$-restrictable $\rightarrow$ $A$ is eventually $H_e(L)^c$-restrictable
by output feedback.


Detectability: Straightforward.


□
4  Aggregation

In  this  section,  we  use  the  concept  of  modelling  of  the  previous  section  to  present 
an  approach  for  the  aggregation  of  DEDS.  What  we  have  in  mind  is  the  following
paradigm.  Suppose  that  our  system  is  capable  of  performing  a  set  of  tasks,  each  of 
which  is  a  primitive  as  defined  in  the  previous  section.  What  we  would  like  to  do  is 
to  design  a  compensator  that  accepts  as  inputs  requests  to  perform  particular  tasks 
and  then  controls  A  so  that  the  appropriate  task  is  performed.  Assuming  that  the 
completion  of  this  task  is  detected,  we  can  construct  a  higher  level  and  extremely 
simple  standard  model  for  our  controlled  system:  tasks  are  requested  and  completed. 
Such  a  model  can  then  be  used  as  a  building  block  for  more  complex  interconnections 
of  task-oriented  automata  and  as  the  basis  for  the  closed  loop  following  of  a  desired 
task  schedule. 

In  the  first  subsection  we  define  tasks  and  several  critical  properties  of  sets  of 
tasks  and  their  compensators.  Roughly  speaking  we  would  like  tasks  to  be  uniquely
identifiable  segments  of  behavior  of  A  that  in  addition  do  not  happen  “by  accident” 
during  task  set-up.  More  precisely,  we  introduce  the  notion  of  independence  of  tasks 
which  states  that  no  task  is  a  subtask  of  another  (so  that  all  tasks  describe  behavior 
at  roughly  the  same  level  of  granularity)  and  the  notion  of  a  consistent  compensator, 
which,  while  setting  up  to  perform  a  desired  task,  ensures  that  no  other  task  is 
completed.  With  such  a  set  of  tasks  and  compensators  we  can  be  assured  that  a 
desired  task  sequence  can  be  followed,  with  task  completions  separated  by  at  most
short  set-up  periods.  In  Section  4.2  we  discuss  the  property  of  task  observability,  i.e., 
the  ability  to  detect  all  occurrences  of  specified  tasks.  In  Section  4.3  we  then  put 
these  pieces  together  to  construct  a  special  higher-level  model  which  we  refer  to  as 
task  standard  form.

4.1  Reachable  Tasks

Our model of a task is a finite set of finite length strings, where the generation of
any string in the set corresponds to the completion of the task. Let $T$ be the index set
of a collection of tasks, i.e., for any $i \in T$ there is a finite set $L_i$ of finite length strings
over $\Xi$ that represents task $i$. In our development we will need a similar but stronger
notion than that of minimality used in the previous section. We let $L_T = \bigcup_{i \in T} L_i$ and
define the following:

Definition 4.1 Given $T$, we say that $T$ is an independent task set if for all $s \in L_T$, no
substring of $s$, except for itself, is in $L_T$. □

Then when we look at a tracking sequence there is no ambiguity concerning what
tasks have been completed and which substring corresponds to which task. Note that
if $T$ is an independent set, then the minimal recognizer $(A_T, x_0)$ for all of $L_T$ has a
single final state $x_f$, i.e., all strings in $L_T$ take $x_0$ to $x_f$, and $x_f$ has no events defined
from it (since $L_T$ is a finite set). Furthermore, for each $i \in T$, the minimal recognizer
$(A_{L_i}, x_0^i)$ also has a single final state $x_f^i$ which has no events defined from it.

Let us define a second task $L_2 = \alpha\beta_2$ in addition to the task $L_1 = \alpha\beta_1$ for the
example in Figure 2.1. Note that this system is in fact eventually $L_1^{*c}$- and
$L_2^{*c}$-restrictable. We term such tasks reachable:


Definition 4.2 A task $i \in T$ is reachable if $A$ is eventually $L_i^{*c}$-restrictable. $T$ is a
reachable set if each $i \in T$ is reachable. □
Definition 4.3 Task $i \in T$ is reachable by output feedback if $A$ is eventually
$L_i^{*c}$-restrictable by output feedback. $T$ is reachable by output feedback if each $i \in T$
is reachable by output feedback. □

Given a task $i \in T$ that is reachable by output feedback, let $C_i : \Gamma^* \to U$ be an
$L_i^{*c}$-restrictability compensator. Consider the possible behavior when we implement this
compensator. Note that states in $E_0(L_i^{*c})$, as defined in Section 2.10, are guaranteed
to generate a sublanguage of $L_i^{*c}$ in the closed loop system. However, for any other
state $\hat{x} \in Z$, although we cannot guarantee that $L_i^{*c}$ will be generated given the
particular knowledge of the current state of the system (i.e., given that the system is
in some state in $\hat{x}$), it may still be possible for such a string to occur. Furthermore, in
general, a string in $L_j$, for some other $j$, may be generated from a state $x \in \hat{x}$ before
the trajectory in $O$ reaches $E_0(L_i^{*c})$. If in fact a string in $L_j$ is generated from some
$x \in \hat{x}$, then task $j$ will have been completed while the compensator was trying to
set-up the system for task $i$. Since this is a mismatch between what the compensator
is trying to accomplish and what is actually happening in the system, we will require
that it cannot happen. We define this property as follows (we state the definition for
recurrent observer states, allowing for mismatch for a bounded number of transitions
at the overall start-up of the system):

Definition 4.4 Given a reachable task $i \in T$ and an $L_i^{*c}$-restrictability compensator
$C_i$. $C_i$ is consistent with $T$ if for all $\hat{x} \in Z_r \cap E_0(L_i^{*c})$, for all $x \in \hat{x}$, and for all
$s \in L(A_{C_i}, x)$, $t(s) \notin L_T$. □

Now, let us consider testing the existence of and constructing consistent restrictability
compensators. Note that we only need to worry about forcing the trajectory in $O$ into
$E_0(L_i^{*c})$ without completing any task along the way. Once that is done, restricting
the behavior can be achieved by the compensator defined in the proof of Proposition
2.12. First, we need a mechanism to recognize that a task is completed. Thus, let
$(A_T, x_0)$ be a minimal recognizer for $L_T$ with the final state $x_f$. Let $X_T$ be the state
space of $A_T$. Since not all events are defined at all states in $X_T$, we do the following:
we add a new state, say state $g$, to the state space of $A_T$, and for each event that is
not previously defined at states in $X_T$ we define a transition to state $g$. Thus if $A_T$
enters state $g$, we know that the tracking event sequence generated starting from $x_0$
and ending in $g$ is not the prefix of any task sequence. Also, to keep the automaton
alive, we define self-loops for all events in $\Xi$ at states $g$ and $x_f$. Let $A'_T$ be this new
automaton. Given a string $s$ over $\Xi$, if $s$ takes $x_0$ to $g$ in $A'_T$ then no prefix of $s$ can be
in $L_T$. If, on the other hand, the string takes $x_0$ to $x_f$ then some prefix of this string
must be in $L_T$. Now, let $O' = (G', w', v')$ be the observer for $A \parallel A'_T$. We let the state
space $Z'$ of $O'$ be the range of initial states

$$Z'_0 = \{\hat{x} \times \{x_0\} \mid \hat{x} \in Z_r\} \qquad (4.1)$$

i.e., $Z' = R(O', Z'_0)$. Let $p : Z' \to Z_r$ be the projection of $Z'$ into $Z_r$, i.e., given
$z \in Z'$, $p(z) = \bigcup_{(x_1,x_2) \in z} \{x_1\}$. Also, let $E' = \{z \in Z' \mid p(z) \in E_0(L_i^{*c})\}$. Our goal
is to reach $E'$ from the initial states $Z'_0$ while avoiding the completion of any task.
Once the trajectory arrives at $E'$, further behavior can be restricted as desired. So,
we remove all transitions from states in $E'$ and instead create self loops in order to
preserve liveness. Let $O'' = (G', w'', v'')$ represent the modified automaton. Let us
now consider the set of states in which we need to keep the trajectory. These are the
states that cannot correspond to a completion of any task. Thus, we need to keep the
trajectories in the set

$$E'' = \{z \in Z' \mid \forall (x_1, x_2) \in z,\ x_2 \neq x_f\} \qquad (4.2)$$
Let $V'$ be the maximal (f,u)-invariant subset of $E''$, and let $K^{V'}$ be the corresponding
A-compatible and minimally restrictive feedback. In order for a consistent compensator
to exist, $Z'_0$ must be a subset of $V'$. Assuming this to be the case, we need to
steer the trajectories to $E'$ while keeping them in $V'$. Therefore, we need to find a
feedback $K'' : Z' \to U$ so that $Z'$ is $E'$-pre-stable in $O''_{K''}$, and so that the combined
feedback $K : Z' \to U$ defined by

$$K(z) = K^{V'}(z) \cap K''(z) \qquad (4.3)$$

for all $z \in Z'$ is A-compatible. The construction of such a $K$, if it exists, proceeds
much as in our previous construction in Section 2. Thanks to the uniqueness of
$K^{V'}$, if we cannot find such a feedback, then a consistent restrictability compensator
cannot exist. In the analysis in this paper, we assume that consistent compensators
exist. That is, we assume that for each task $Z'_0 \subset V'$ and $K$ exists.
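The recognizer with trap state $g$ described above, together with the independence test of Definition 4.1, is shown here as added Python code that is not part of the original paper. It builds a trie with a merged final state rather than computing a minimal recognizer, and the tracking alphabet is assumed for the example.

```python
from itertools import product

X0, XF, G = (), "x_f", "g"   # initial state, merged final state, trap state

TASKS = {1: {("alpha", "beta1")}, 2: {("alpha", "beta2")}}    # L_1, L_2
DEPENDENT = {1: {("alpha", "beta1")}, 3: {("beta1",)}}        # constructed
ALPHABET = {"alpha", "beta1", "beta2"}                        # assumed


def union(tasks):
    """L_T: the union of all task string sets."""
    return set().union(*tasks.values())


def is_independent(tasks):
    """Definition 4.1: no substring of a task string, except itself, is in L_T."""
    L_T = union(tasks)
    return not any(s[i:j] in L_T
                   for s in L_T
                   for i in range(len(s))
                   for j in range(i + 1, len(s) + 1)
                   if j - i < len(s))


def build_recognizer(tasks, alphabet):
    """Transition map of the completed recognizer: undefined events go to g,
    and g and x_f carry self-loops on every event."""
    if not is_independent(tasks):
        raise ValueError("task set is not independent")
    delta = {}
    for s in union(tasks):
        for k, event in enumerate(s):      # trie states are proper prefixes
            delta[(s[:k], event)] = XF if k == len(s) - 1 else s[:k + 1]
    for state in {src for src, _ in delta}:
        for event in alphabet:
            delta.setdefault((state, event), G)
    for event in alphabet:
        delta[(G, event)] = G
        delta[(XF, event)] = XF
    return delta


def run(delta, s):
    """State reached from x_0 on the tracking string s."""
    state = X0
    for event in s:
        state = delta[(state, event)]
    return state


def expected_state(tasks, s):
    """The same answer computed directly from the text's two statements."""
    L_T = union(tasks)
    if any(s[:k] in L_T for k in range(1, len(s) + 1)):
        return XF            # some prefix of s is a task string
    if any(t[:len(s)] == s for t in L_T):
        return s             # s is still a proper prefix of a task string
    return G                 # no prefix of s is, or can become, a task string


def agrees(tasks, alphabet, max_len):
    """Compare the automaton with expected_state on all strings up to max_len."""
    delta = build_recognizer(tasks, alphabet)
    return all(run(delta, s) == expected_state(tasks, s)
               for n in range(max_len + 1)
               for s in product(sorted(alphabet), repeat=n))


if __name__ == "__main__":
    d = build_recognizer(TASKS, ALPHABET)
    print(run(d, ("alpha", "beta1", "beta2")), run(d, ("beta1", "alpha")))
    print(agrees(TASKS, ALPHABET, 5))
```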

Finally, let us outline how we put the various pieces together to construct a consistent
compensator $C_i$ for task $i$: Given an observation sequence $s$, we trace it in $O$
starting from the initial state {F}. Let $\hat{x}$ be the current state of $O$ given $s$. There
are three possibilities:

1. Suppose that $\hat{x} \notin Z_r$ and the trajectory has not entered $E_0(L_i^{*c})$ yet. Then, we
use $O$ and an $E_0(L_i^{*c})$-pre-stabilizing feedback to construct $C_i(s)$ as explained
in the proof of Proposition 2.12.

2. Suppose that $\hat{x} \in Z_r$ and the trajectory has not entered $E_0(L_i^{*c})$ yet. Then, we
use the observer $O''$ and the feedback $K$ defined above. In particular, let $\hat{x}'$ be
the state in the observer $O$ into which the trajectory moves when it enters $Z_r$
for the first time, and let $s'$ be that prefix of $s$ which takes {F} to $\hat{x}'$ in $O$. Then,
we start $O''$ at state $\hat{x}' \times x_0$ and let it evolve. Suppose that $s/s'$ takes $\hat{x}' \times x_0$
to $z$ in $O''$, then

$$C_i(s) = (v''(z) \cap K(z)) \cup (v''(z) \cap \bar{\Phi}) \qquad (4.4)$$

3. When the trajectory enters $E_0(L_i^{*c})$, we switch to using $O(L_i^{*c})$ and the
(f,u)-invariance feedback $K^{E(L_i^{*c})}$. $C_i(s)$ in this case can be constructed as explained in
the proof of Proposition 2.12.

In order to develop a complete higher-level modelling methodology, we need to
describe explicitly an overall compensator which responds to requests to perform
particular tasks by enabling the appropriate compensator $C_i$. Given a set of $p$ tasks
$T$, reachable by output feedback, and a task $i \in T$, let $C_i : \Gamma^* \to U$ denote the
compensator corresponding to task $i$. The compensator $C$ that we construct admits
events corresponding to requests for tasks as inputs and, depending on the inputs,
$C$ switches in an appropriate fashion between $C_i$. In order to model this, we use an
automaton  illustrated  in  Figure  4.1,  which  has  p  states,  where  state  i  corresponds  to 
using  the  compensator  Ci  to  control  A.  For  each  i,  rf  is  a  forced  event,  corresponding 
to  switching  to  Cj.  Let  =  {Tf, . . . ,  r^}  and  Ut  =  2*^.  The  input  to  C  is  a  subset 
of  representing  the  set  of  tasks  which  are  requested  at  present.  The  compensator 
responds  to  this  input  as  follows:  Suppose  that  C  is  set-up  to  perform  task  i.  There 
are  three  possibilities:  (1)  If  the  input  is  the  empty  set,  then  C  disables  all  events  in 
A,  awaiting  future  task  requests;  (2)  if  the  input  contains  then  C  will  not  force 
any  event  but  continue  performing  task  i  (thereby  avoiding  an  unnecessary  set-up 
transient);  (3)  Finally,  if  the  input  is  not  empty  but  it  does  not  contain  rf,  then  C  will 
force  one  of  the  events  in  this  set.  At  this  level  of  modelling,  we  do  not  care  which 
event  C  decides  to  force.  Thus,  we  define  C  :  (/y  x  F*  — >  (7  x  so  that  given  an  input 
Figure 4.1: An Automaton to Construct $C$

Figure 4.2: Block Diagram for $A_C$

in  Ut,  C  chooses  the  appropriate  input  (G  U)  to  A  and  generates  the  forced  events 
(€  $t)  as  explained  above.  If  the  action  of  C  corresponds  to  a  switch  from  one  task 
to  another,  the  compensator  Ci  is  initialized  using  the  approach  described  previously. 
Specifically,  suppose  that  the  observer  is  in  state  x  right  before  rf  is  forced.  Consider 
the three cases described previously for $C_i$: If $\hat{x} \notin Z_r$ and $\hat{x} \notin E_0(L_i^{*c})$, then we use
$O$ starting from the initial state $\hat{x}$ and an $E_0(L_i^{*c})$-pre-stabilizing feedback. If $\hat{x} \in Z_r$
and $\hat{x} \notin E_0(L_i^{*c})$, then we start $O''$ at state $\hat{x} \times x_0$ and use the compensator described
previously to drive the system to the desired set of states. Finally, if $\hat{x} \in E_0(L_i^{*c})$,
then we start $O(L_i^{*c})$ at state $x_0^i \times \hat{x}$, where $x_0^i$ is the initial state of the minimal
recognizer for $L_i^{*c}$, and we use the (f,u)-invariant feedback $K^{E(L_i^{*c})}$. A block diagram for
$A_C$ is illustrated in Figure 4.2.
4.2  Observable  Tasks

In  this  section,  we  define  a  notion  of  observability  for  tasks  which  allows  us  to  detect 
all  occurrences  of  a  given  task.  Consistent  with  our  definition  of  detectability,  we 
define  task  observability  after  an  initial  start-up  transient.  Specifically,  we  focus  on 
detecting  occurrences  of  tasks  from  that  point  in  time  at  which  the  observer  enters  a 
recurrent  state.  One  could,  of  course,  consider  the  stricter  condition  of  observability 
without  any  knowledge  of  the  initial  state,  but  this  would  seem  to  be  a  rather  strong 
condition. Rather, our definition can be viewed either as allowing a short start-up
period or as specifying the level of initial state knowledge required in order for
task detection to begin immediately (i.e., we need our initial state uncertainty to be
confined to an element of $Z_r$).

Definition  4.5  A  task  i  €  T  is  observable  if  there  exists  a  function  I :  ZrX  L(0,  Zr) 
{e,V’f }  so  that  for  all  x  e  Zr  and  for  all  x  ex,  1  satisfies 

1 .  X{x,  h{s))  =  for  all  s  e  L{A,  x)  such  that  s  =  P1P2P3  tor  some  Pi,P2,P3  g  S* 
for  which  t{p2)  e  Li,  and 

2.  I{x,  h{s))  =  e  for  all  other  s  e  L{A,  x). 

A  set  of  tasks  T  is  observable  if  each  i  g  T  is  observable.  □ 

Since  we  assume  that  tasks  are  reachable  throughout  this  paper  and  will  use 
task  observability  only  in  conjunction  with  task  control,  we  will  construct  a  test  for 
the  observability  of  task  i  assuming  that  it  is  reachable  and  that  we  are  given  an 
X^c-restrictability  compensator  Ci  which  is  consistent  with  T.  Furthermore,  thanks 
to  consistency,  we  only  need  to  construct  X  for  x  e  Eo{L*^)  and  for  strings  s  such 
that t{s) e Lf. First, we let be the same as the recognizer Aii
but with a self-loop at the final state x^' for each $\sigma \in \Sigma$. Now, let Q =
with state space Xq, denote the live part of A'j^. || A, i.e., Xq is the set of states x
in X'l^. X X so that there exists an arbitrarily long string in L{A'j^. || A,x). In fact,
note that for each $x \in X$ such that (xq',x) G Xq, there exists $s \in L(A,x)$ so that
$t(s) \in L_i$. Finally, let Oq = (Fq,wq,vq) be the observer for Q so that the state space
Zq of Oq is the reach of

^Qo=  U  (K^}xx)nXQ  (4.5) 

x€Eo(Lr^) 

in  Oq,  i.e.,  Zq  =  R{Oq,Zqo).  Note  that  if  i  is  observable,  then  the  last  event  of  each 
string  in  Li  must  be  an  observable  event.  Assuming  that  this  is  the  case,  let 

Eq  =  {z  £  ZQ\3(x,y)  G  z  such  that  x  =  Sy’}  (4.6) 

Given the observations on Aci let us first trace the trajectory in the observer O. At
some point in time, O will enter some state x G Eo{L*i^). When this happens we
know that the system starts tracking task i. At this point, let us start tracing the
future observations in Oq starting from the state ({xq'} x f) fl Xq. This trajectory
will enter some $z \in E_Q$ at some point in time. At this point, we know that task i
may have been completed. However, for task observability, we need to be certain that
task i is completed whenever it is actually completed. Thus, for an observable task,
it must be true that for all $z \in E_Q$ and for all $(x,y) \in z$, x = x^\ In this case we
can define $\mathcal{I}$ to be $\epsilon$ until the trajectory in Oq enters $E_Q$ and $\psi_i^F$ from that point on.
Precisely stated, we have shown the following:

Proposition 4.6 Given a reachable task $i \in T$ and an X-^'-restrictability compensator
Ci so that i is consistent with Ci, if (1) the last event of each string in Li is an
observable event, and (2) for all $z \in E_Q$ and for all $(x, y) \in z$, x = x^ then task i
is observable in A^. □

The  procedure  explained  above  allows  us  to  detect  the  first  completion  of  task 
i.  Detecting  other  completions  of  task  i  is  straightforward:  Suppose  that  O  enters 
the  state  y  when  Oq  enters  Eq.  Note  that  y  E  Eo{Li‘^).  At  this  point  we  detect 
the  first  occurrence  of  task  i  and  in  order  to  detect  the  next  occurrence  of  task  i, 
we  immediately  re-start  Oq  at  state  Xq'  x  y  f]  Xq.  The  procedure  continues  with 
each  entrance  into  Eq  signaling  task  completion  and  a  re-start  of  Oq.  Note  that  the 
observer  O  runs  continuously  throughout  the  evolution  of  the  system.  Let  D*  :  F*  — > 
denote  the  complete  task  detector  system  (which,  for  simplicity,  assumes  an 
initial  observer  state  of  {F}).  We  can  think  of  D*  as  a  combination  of  three  automata: 
the  observer  O,  the  system  Oq  which  is  re-started  when  a  task  is  detected,  and  a 
single  one-state  automaton  which  has  a  self-transition  loop,  with  event  ,  which 
occurs  whenever  a  task  is  detected.  This  event  is  the  only  observable  event  for  this 
system.  Note  that  both  the  Oq  re-start  and  the  transition  can  be  implemented  as 
forced  transitions. 

Finally,  in  the  same  way  in  which  we  constructed  C  from  the  Ci,  we  can  also 
define  a  task  detector  D  from  the  set  of  individual  task  detectors  Di.  Specifically,  if 
C  is  set  at  Ci  initially,  D  is  set  at  Di.  Using  the  output  of  C,  D  switches  between 
Di.  For  example,  if  D  is  set  at  Di  and  rf  is  forced  by  C,  then  D  switches  to  Dj.  The 
output of D takes values in Ft = {V’f , A block diagram for D is illustrated
in Figure 4.3.

Figure 4.3: Task Detector Block Diagram

4.3 Task-Level Closed Loop Systems and Task Standard Form

Using the pieces developed in the preceding subsections we can now construct a
task-level closed-loop system as pictured in Figure 4.4. The overall system is Acd =
{Gcd,  fcDidcD,tcD,hcD)  where 

Gcd  —  {^CDi  ^  U  $2”  U  Fy,  $  U  F  U  $y  U  Fy,  .Z,  U  $y)  (4-7) 

Figure 4.4: The Task-Level Closed-Loop System

Note that #y and Fy are both observable and $y is observable. Also, we include $y
in the tracking events to mark the fact that the system has switched compensators.
This is important since following the switch, we will allow a finite length set-up. Also,
since it does not make much sense in practice to force a switch to another compensator
while the system is in the middle of completing a task, we impose the restriction that
events in $y can only be forced right after a task is completed. Since we require
that all the tasks are observable (see Proposition 4.7), we can easily implement this
restriction. Then, Acd can only generate strings s such that

t{s)  e  (H  u  {e}riLi  u  •  •  •  u  L;)iHein)L;  u  • .  •  u  HeiT,)L;y 

where rit is the maximum number of tracking transitions needed until O enters the
set of recurrent states in Eo{L*y) for each $i \in T$.

The higher-level operation of this system consists of the task initiation commands,
and the task completion acknowledgements, Fx. The input t/y indicating what
subset of tasks can be enabled can be thought of as an external command containing
the choices of subsets of #x to be enabled. The use and control of this command
involves higher-level modelling or scheduling issues beyond the purely task-level concept.
What we show in this section is that the task-level behavior of Acd can in fact
be modelled, in the precise sense introduced in Section 3, by a much simpler automaton
Atsf = {Gtsf, fTSFidTSp) illustrated in Figure 4.5 where all the events are
controllable and observable, i.e.,

Gtsf  —  (Ntsf,  Etsf,  ^tsf  =  SxsF,  Fxsf  =  '^tsf)  (4.8) 

We are not concerned with defining the tracking events of Atsf since this alphabet is
not of concern in our main result below. We term Atsf the task standard form.

Let  us  first  define  Hg.  We  first  define  He(e)  =  t  and  Note  that, 

thanks  to  the  independence  of  T,  for  any  pair  of  not  necessarily  distinct  tasks  i  and  j, 
no suffix of string in can be in Defining He{Ti) is more tricky. There are two issues:

1. We need to take into account the fact that the closed loop system does not
generate strings in Li immediately after C switches to Cj. In particular, if we
assume that O is in a recurrent state when C switches to Ci and if we let Ue
denote the maximum number of tracking transitions that can occur in A for
any trajectory in O that starts from a recurrent state of O up to and including
the transition that takes the trajectory to a state in Eo{L*^), then at most Ue
tracking transitions can occur after C switches to and before the behavior
of the closed loop system is restricted to Thus, we must choose He so that
H.in)  C  rf  (S  U  {£))"-. 

2.  We  also  need  to  ensure  the  minimality  of  Hg.  Specifically,  we  now  know  that 
He{Ti)  C  t[ (E  U  {e})”®.  Suppose  that  we  let  He{Ti)  =  U  {e})”®.  Then,  no 
suffix  of  a  string  in  He{il^i)  can  be  in  He{Ti)  since  all  strings  in  He{ri)  start  with 
t[ .  Also,  no  suffix  of  a  string  in  He{Ti)  can  be  in  He{Tj)  even  if  i  =  j.  However, 
a  suffix  of  a  string  in  t/^(E  U  {e})"®  may  be  in  some  j.  Thus,  we 

let  Hein)  =  (E  U  {e})”®  fl  (E  U  {e})”«Lx-  Note  that  thanks  to  consistency,  the 
strings  in  Lt  cannot  occur  in  a  set-up  of  a  task.  Therefore,  eliminating  strings 
that  end  with  a  string  in  Lt  will  not  cause  any  problems  in  restrictability. 

Proposition 4.7 Given a set of tasks T that is reachable by output feedback and
observable, Atsf is an He-model of Acd.

Proof:  We  first  verify  the  detectability  condition.  Before  defining  Ho,  let  us  define 
t' :  ^rUFj-  — >  Stsf  as  =  ti  for  all  i  and  for  all  i.  We  then  pick  Hg  as 

t'  of  the  projection  of  the  observation  sequence  over  to  $xUFx,  i.e.,  Ho(s)  = 

t'{s  I  ($x  U  Fy)),  where,  s  1 11,  in  general,  denotes  that  part  of  the  string  s  over  the 
alphabet  11  C  S.  Finally,  let  be  rii  divided  by  the  length  of  the  shortest  string  in 
Lt-  Then,  thanks  to  observability,  the  first  detectability  condition  is  satisfied.  Also, 
using  minimality  it  is  straightforward  to  verify  the  second  detectability  condition. 

To verify the restrictability condition, we proceed as follows: Note that Atsf is
eventually restrictable to any infinite length string s in L(Atsf). Thus, if we show
that Acd is eventually He(s)^-restrictable by output feedback, then the restrictability
condition is verified. Let us now proceed with showing this. If the first event of s is
some Ti, then we simply force t[ and look at the second event. If the first event of s
is some V’i, then we force t[ and wait until V’t- When occurs, we look at the second
event. In both cases, when we look at the second event, we repeat the same process.
It then follows that Acd is restricted as desired. Therefore, Atsf is an He-model of

5 High-Level Models of Composite Systems

The formalism described in the previous section can obviously be applied in an iterative
fashion to obtain a hierarchy of aggregate models in which words (i.e., tasks)
at one level are translated into letters (higher level events) at the next level. In
addition to a vertical configuration of such models, it is also of considerable
interest to investigate horizontal configurations. Specifically, in many applications
the overall DEDS is actually an interconnection of a number of simpler DEDS. For
example,  a  flexible  manufacturing  system  (FMS)  can  be  viewed  as  an  interconnection 
of  workstations  and  buffers.  In  such  a  system,  typically  the  system-wide  tasks  to  be 
performed  can  be  broken  down  into  individual  tasks  performed  by  subsystems.  In 
this  case,  it  makes  sense  to  develop  individual  task  controllers  for  each  subsystem 
and  then  consider  their  interconnections,  and  obviously  the  computational  savings 
from  such  an  approach  may  be  considerable.  In  this  section  we  develop  conditions 
under  which  we  can  construct  such  a  system-wide  task-level  model  from  local  task 
models.  Once  we  have  such  an  aggregate  system-wide  model  one  can  then  consider 
higher-level  coordinated  control  of  the  entire  system,  and  this  we  illustrate  through 
a  simple  model  of  an  FMS. 

5.1  Composition 

In  this  section  we  focus  on  a  simple  class  of  models.  Specifically,  we  wish  to  examine 
a  DEDS  that  consists  of  a  set  of  uncoupled  subsystems,  i.e.,  as  described  by  automata 
with  no  shared  events.  For  example,  a  collection  of  workstations  can  be  thought  of 
in this manner. Obviously, for an FMS to produce anything useful, it will need to
coordinate the activity of these workstations, e.g., by connecting them with conveyor
belts, including buffers, etc. However, such coordination affects behavior at the task
level, i.e., it does not influence how a workstation performs a specific task but rather
what sequence of tasks is performed by what sequence of workstations. Thus, such
coordination is in essence a higher-level control which can be viewed as a restriction
on the behavior of the composite system. In the next subsection we will illustrate
how such coordination can be incorporated, and this allows us to focus here on the
uncoupled behavior of the subsystems.

Suppose  that  our  system  has  m  subsystems  and  that  there  is  a  set  of  reachable  and 
observable  tasks,  F  defined  for  each  subsystem  j.  Let  =  (G^gp,  fpspi  ^tsf) 

be  the  task  standard  form  for  subsystem  j,  where  Yipsp  consists  of  r/  and  V’,-  for 
all  tasks  i  €  F.  Then,  the  (uncoupled)  interconnections  of  these  subsystems  can  be 
simply  represented  by 

=||”.1  4c  =  4c  II  ■■■  II  A’S„  (5.1) 

If  we  also  let 

^SF  ^  JSF  jSF ^  (5  ^) 

and  we  let 

He{(T)  —  ife(cr),  for  a  e  (5.3) 

then  since  A^gp  share  no  events,  is  minimal. 

In  order  to  state  the  main  result  of  this  section  we  need  the  following,  where  Ag 
denotes A with all controllable events disabled:

Definition  5.1  Task  i  e  T  is  preventable  if  for  all  s  e  L{A,i)  t{s)  ^  Li.  T  is  preventable 
if  all  its  tasks  are  preventable.  □ 

In the rest of this section, we will assume that F is preventable for all j:

Proposition 5.2 is an He-model of A^.

Proof: Let us first verify the detectability condition. We let and Fy denote the
sets and Fy of subsystem j. As in the proof of Proposition 4.7, we define a function
t' so that t'{Tp) = t/ and for all i and j. Then, we let

m  m 

/foW  =  n»i(U4uUrH) 

j=l  j=i 

and  the  rest  of  this  proof  follows  as  in  the  proof  of  Proposition  4.7. 

To verify the restrictability condition, we proceed as follows: Note that A^^ is
eventually restrictable to any infinite length string s in L(A^^). Thus, if we show
that A^ is eventually He(s)'"-restrictable by output feedback, then the restrictability
condition is verified. Let us now proceed with showing this. If the first event of s is
some r/, then we force disable all events of all the other subsystems and look
at the second event. If the first event of s is some tpf, then we force rp, disable all
events of all the other subsystems and wait until V’i- When occurs, we look at
the second event. In both cases, when we look at the second event, we repeat the
same process. Also, thanks to preventability, it then follows that A^ is restricted as
desired. Therefore, A^^ is an He-model of A^. □

The concept of preventability and the nature of our higher level model deserve
some comment. The framework we have described here is essentially one of serial
operation, i.e., our system-wide task level model describes the sequence in which
tasks are completed by all subsystems (i.e., task 1 by workstation 1, then task 3 by
workstation 2, ...). While preventability is an essential concept in any system, in
practice we only want to prevent a subsystem from operating if its next action is truly
serially dependent on the completion of another task by another subsystem. In other
cases we may want to allow several subsystems to be operating in parallel. While it
is possible to infer parallelism by a detailed examination of event and task sequences
(much as one can when examining the event trajectory for the shuffle product [10]
of subsystems), this is not a totally acceptable solution. To capture parallelism in
a more direct way, we need to add complexity to our task standard form by keeping
track not only of task completion but also task initiation, so that in the task-level
composite our state at any time will indicate what set of tasks are ongoing. The
detailed development of these ideas is left to a future paper.

Figure 5.1: Two Systems

5.2  Subsystem  Interactions  and  Higher  Level  Control 

As  we  indicated  previously,  interactions  between  subsystems  can  often  be  modelled 
via  restrictions  on  the  system-wide  task-level  model.  In  the  following  example,  we 
illustrate  how  the  presence  of  buffers  between  workstations  can  be  represented  as 
such  restrictions.  Furthermore,  we  will  see  that  the  restrictions  imposed  by  each 
buffer  can  be  dealt  with  independently,  and  each  restriction  can  be  viewed  as  the 
action  of  a  compensator. 

Example 5.3 Suppose that we have two systems, each capable of performing
two reachable and observable tasks. We let task 1 and 2 be the tasks associated
with the first system, and tasks 3 and 4 be the tasks associated with the second
system. We model these systems by the task-level automata illustrated in Figure 5.1
where all tasks are also assumed to be observable and for simplicity of exposition,
we have assumed that there is no set-up involved in switching between tasks (i.e.,
the workstations produce no extraneous events between the event sequences
corresponding to the various tasks). In this case there is no need to include both
and Ti in the task-level model. Suppose that each system is a model of a
workstation in an FMS, which manufactures two different parts, so that the first
part can be manufactured by performing tasks 1, 3, and 2 successively, and the
second part can be manufactured by performing task 1 followed by task 4. Let
us assume that there is a buffer of size two between the two workstations so that
every occurrence of increases this buffer and every occurrence of $\psi_3$ or $\psi_4$
decreases it. This buffer imposes two restrictions on the system: First, should not
occur when the buffer is full, and second, $\psi_3$ and $\psi_4$ should not occur when the
buffer is empty. These restrictions can be implemented in a straightforward way,
and the closed loop system is illustrated in Figure 5.2. Let us also assume that there
is a buffer of size one between the two workstations so that every occurrence of
$\psi_3$ increases this buffer and every occurrence of $\psi_2$ decreases it. Restricting the
system further by the conditions imposed by this buffer yields the closed loop
system in Figure 5.3. □

Figure 5.2: First Buffer Implementation

Figure 5.3: Second Buffer Implementation

In general, given A^, and Hg so that A^^ is an He-model of A^, suppose that
a buffer restriction can be implemented by a compensator C on A^^ . Then, thanks
to Proposition 3.5, we can find a compensator C so that the closed loop system A^
is an He-model of the closed loop system A%,. Furthermore, we can consider further
restrictions on the behavior of A^ corresponding to higher-level primitives, called
procedures, which consist of sequences of tasks. Let us illustrate this for Example
5.3. In this example, we let Agp represent the system in Figure 5.3. Based on the
two parts to be manufactured defined in Example 5.3, we define two procedures for
this system, namely $L_1 = \psi_1\psi_3\psi_2$, and $L_2 = \psi_1\psi_4$. It is straightforward to show
that the states 00 and 10 are £i^-restrictable, and states 00, 10, 01, and 11 are L'^-restrictable,
and furthermore, Agp is both eventually £i‘^-restrictable and eventually
£2^-restrictable. Note that since all tasks are observable, we do not need to worry
about procedure detection in this case. Thus, we can construct compensators for each
procedure as we did for tasks in the previous section. Let K denote the combined compensator,
let A^^ denote the closed loop system, and let Apsf denote the automaton
in Figure 5.4, where <t, represents switching to procedure i and x, represents completing
procedure i. Then we can find a map so that Apsf is an He-model of
Aq^. We term Apsf the procedure standard form. Finally, thanks to Proposition
3.6, Apsf also models Aqi^, our original system combined with task compensators for
each system, buffer restrictions implemented by C, and the procedure compensator
K.

Figure 5.4: Procedure Standard Form for Example 5.3
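As an added illustration (not part of the original paper), the following Python code rebuilds the buffer-restricted task-level system of Example 5.3 and recomputes the sets of states from which each procedure can be repeated indefinitely. It assumes that each workstation's task-level automaton has a single state (Figure 5.1 is not reproduced here), that $\psi_1$ is the event that fills the first buffer (the symbol is missing from the text above), that states are labelled by the two buffer counts, and that a simplified fixed-point check suffices because all task-level events are controllable and observable; all function names are hypothetical.

```python
# Added example: buffer compensators and procedures of Example 5.3.
# Assumptions (not from the paper): single-state workstation models,
# psi1 fills buffer 1, and a simplified fixed-point restrictability check.

CAPACITY = (2, 1)  # (buffer 1 size, buffer 2 size), as stated in Example 5.3

# Effect of each task-completion event on (buffer 1, buffer 2).
EFFECT = {
    "psi1": (+1, 0),   # assumed: task 1 output enters buffer 1
    "psi3": (-1, +1),  # task 3 consumes from buffer 1, feeds buffer 2
    "psi4": (-1, 0),   # task 4 consumes from buffer 1
    "psi2": (0, -1),   # task 2 consumes from buffer 2
}

L1 = ("psi1", "psi3", "psi2")  # procedure for the first part
L2 = ("psi1", "psi4")          # procedure for the second part

def step(state, event):
    """Next buffer state, or None if a buffer compensator disables the event."""
    nxt = tuple(s + d for s, d in zip(state, EFFECT[event]))
    ok = all(0 <= n <= cap for n, cap in zip(nxt, CAPACITY))
    return nxt if ok else None

def run(state, word):
    """Run a whole procedure; None as soon as one event is disabled."""
    for event in word:
        if state is None:
            return None
        state = step(state, event)
    return state

def reachable(start=(0, 0)):
    """States of the closed loop system reachable from empty buffers."""
    seen, frontier = {start}, [start]
    while frontier:
        q = frontier.pop()
        for event in EFFECT:
            n = step(q, event)
            if n is not None and n not in seen:
                seen.add(n)
                frontier.append(n)
    return seen

def restrictable_states(word, states):
    """Largest subset S such that `word` can run from any state of S and ends in S."""
    s = set(states)
    while True:
        keep = {q for q in s if run(q, word) in s}
        if keep == s:
            return s
        s = keep

def eventually_restrictable(word, states):
    """True if every state can be driven into restrictable_states(word, states)."""
    ok = restrictable_states(word, states)
    grew = True
    while grew:
        grew = False
        for q in set(states) - ok:
            if any(step(q, e) in ok for e in EFFECT):
                ok.add(q)
                grew = True
    return ok == set(states)

def labels(states):
    """Assumed labelling: buffer 1 count followed by buffer 2 count."""
    return sorted(f"{a}{b}" for a, b in states)

if __name__ == "__main__":
    states = reachable()
    print("states:", labels(states))
    for name, proc in (("L1", L1), ("L2", L2)):
        print(name, labels(restrictable_states(proc, states)),
              eventually_restrictable(proc, states))
```

The computed sets agree with the states named in the text: 00 and 10 for the first procedure, and 00, 10, 01, and 11 for the second.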
6 Conclusions

In  this  paper,  we  have  introduced  concepts  of  higher-level  modelling  for  DEDS  based 
on  a  given  set  of  primitive  event  sequences  corresponding  to  tasks  which  the  system 
may  perform.  Through  our  investigation  of  task  reachability  we  constructed  task 
compensators  and  this,  together  with  task  observability  allowed  us  to  construct  simple 
high-level  models  of  automata  so  that  events  in  the  high-level  model  correspond  to 
set-up  and  completion  of  tasks.  We  have  also  considered  the  higher  level  modelling 
of  systems  that  are  composed  of  a  set  of  subsystems  and  we  have  shown  how  the 
coordinated  control  of  such  a  system  can  be  effected  by  higher-level  control  which  we 
have  referred  to  as  procedures. 

The  aggregation  scheme  presented  in  this  paper  addresses  an  important  issue  of 
computational complexity in DEDS problems of interest. In particular, for computations
involving systems that are composed of m subsystems so that the description
of each subsystem has n states, the complexity is a function of $n^m$. Our aggregation
procedure  is  important  in  reducing  n  considerably  since  the  cardinality  of  the  state 
space  of  the  high-level  model  equals  the  number  of  tasks. 

Finally,  there  are  several  important  directions  for  further  research.  As  we  have 
indicated, one of these involves the extensions of our approach in order to capture parallelism
in interconnected systems. A second deals with a more careful examination
of the information and control required at various levels of a hierarchical control system
of the type described here. In particular, while complete control and observation
of each task is essential at the individual subsystem level, such detailed information
and control action may not be needed at the procedure level. For example, if
a procedure consists of performing task 1 on machine 1 and then either task 7 on
machine 2 or task 5 on machine 3, the procedure-level system does not need to know
which alternative has been followed but only needs an acknowledgement that one of
them  has  been  completed.  By  developing  a  rational  methodology  for  minimizing  the 
diversity  of  control  actions  and  information  required  at  any  level  we  may  be  able 
to  reduce  considerably  the  information  being  transmitted  and  stored  in  the  overall 
system.  For  example,  this  is  of  obvious  importance  in  communication  systems,  since 
the  commands  to  perform  tasks  such  as  transmitting  packets  and  information  on  the 
completion  of  such  tasks  need  to  be  transmitted  through  the  network,  and  as  these 
control transmissions increase, the network performance deteriorates.